(10-16-2018, 11:39 PM) rpuig Wrote: Hi guys!
I think my server is sending spam. A couple of days ago I was receiving lots of bounced emails, so I checked the queue and it was very big. I cleared the queue and it's now empty almost all the time.
Now I'm checking the mail logs and there are still lots of rare lines like this:
Oct 16 08:52:58 panel postfix/smtpd[2588]: connect from unknown[191.96.249.24]
Oct 16 08:53:00 panel postfix/smtpd[2038]: warning: unknown[23.226.136.33]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:02 panel postfix/smtpd[2588]: warning: unknown[191.96.249.24]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:03 panel postfix/smtpd[2588]: disconnect from unknown[191.96.249.24]
Oct 16 08:53:06 panel postfix/smtpd[2038]: lost connection after AUTH from unknown[23.226.136.33]
Oct 16 08:53:06 panel postfix/smtpd[2038]: disconnect from unknown[23.226.136.33]
Oct 16 08:53:09 panel postfix/smtpd[2627]: connect from unknown[23.226.136.33]
Oct 16 08:53:10 panel postfix/smtpd[2627]: Anonymous TLS connection established from unknown[23.226.136.33]: TLSv1 with cipher AES128-SHA (128/128 bits)
Oct 16 08:53:12 panel postfix/smtpd[2590]: connect from unknown[191.96.249.61]
Oct 16 08:53:14 panel postfix/smtpd[2627]: lost connection after AUTH from unknown[23.226.136.33]
Oct 16 08:53:14 panel postfix/smtpd[2627]: disconnect from unknown[23.226.136.33]
Oct 16 08:53:18 panel postfix/smtpd[2588]: warning: hostname radheengineering.info does not resolve to address 191.96.249.26
Oct 16 08:53:18 panel postfix/smtpd[2588]: connect from unknown[191.96.249.26]
Oct 16 08:53:19 panel postfix/smtpd[2590]: warning: unknown[191.96.249.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:20 panel postfix/smtpd[2590]: disconnect from unknown[191.96.249.61]
Oct 16 08:53:22 panel postfix/smtpd[2588]: warning: unknown[191.96.249.26]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:22 panel postfix/smtpd[2588]: disconnect from unknown[191.96.249.26]
Oct 16 08:53:22 panel postfix/smtpd[2038]: connect from unknown[23.226.136.33]
Oct 16 08:53:24 panel postfix/smtpd[2038]: Anonymous TLS connection established from unknown[23.226.136.33]: TLSv1 with cipher AES128-SHA (128/128 bits)
Oct 16 08:53:27 panel postfix/smtpd[2038]: warning: unknown[23.226.136.33]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:27 panel postfix/smtpd[2038]: lost connection after AUTH from unknown[23.226.136.33]
Oct 16 08:53:27 panel postfix/smtpd[2038]: disconnect from unknown[23.226.136.33]
Oct 16 08:53:29 panel postfix/smtpd[2511]: connect from unknown[191.96.249.24]
Oct 16 08:53:33 panel postfix/smtpd[2511]: warning: unknown[191.96.249.24]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:34 panel postfix/smtpd[2511]: disconnect from unknown[191.96.249.24]
Oct 16 08:53:43 panel postfix/smtpd[2590]: connect from unknown[191.96.249.61]
Oct 16 08:53:49 panel postfix/smtpd[2590]: warning: unknown[191.96.249.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:49 panel postfix/smtpd[2590]: disconnect from unknown[191.96.249.61]
Oct 16 08:53:50 panel postfix/smtpd[2588]: warning: hostname radheengineering.info does not resolve to address 191.96.249.26
I have no idea how to proceed to solve this. I'm looking for someone on the staff who can do the job, not for free, obviously.
There definitely appear to be login attempts, but this very small snapshot of the log doesn't really show everything that you have described, so it's difficult to diagnose.
Perhaps you could install Fail2Ban and enable the Postfix protection, and see if that helps stop the login attempts.
Keith
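
Added example, not part of either post and not Fail2Ban's own code: a small Python triage script that counts the SASL failures per source address in the excerpt above, using a sliding window in the style of Fail2Ban's `maxretry`/`findtime` settings. The function names, the threshold of 2, the 10-minute window and the year 2018 (syslog lines carry no year) are assumptions chosen for this sample.

```python
import base64
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure lines copied from the log excerpt in the post, plus one non-matching line.
SAMPLE_LOG = """\
Oct 16 08:53:00 panel postfix/smtpd[2038]: warning: unknown[23.226.136.33]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:02 panel postfix/smtpd[2588]: warning: unknown[191.96.249.24]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:03 panel postfix/smtpd[2588]: disconnect from unknown[191.96.249.24]
Oct 16 08:53:19 panel postfix/smtpd[2590]: warning: unknown[191.96.249.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:22 panel postfix/smtpd[2588]: warning: unknown[191.96.249.26]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:27 panel postfix/smtpd[2038]: warning: unknown[23.226.136.33]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:33 panel postfix/smtpd[2511]: warning: unknown[191.96.249.24]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 16 08:53:49 panel postfix/smtpd[2590]: warning: unknown[191.96.249.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"[^\[\s]+\[([0-9a-fA-F.:]+)\]: SASL (\S+) authentication failed: ?(\S*)"
)

def decode_detail(b64_text):
    """Decode the base64 text logged after 'authentication failed:'."""
    return base64.b64decode(b64_text).decode("ascii", errors="replace")

def flag_bruteforce(lines, maxretry=2, findtime=timedelta(minutes=10), year=2018):
    """Return {ip: failures} for IPs with >= maxretry failures inside findtime."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # connect/disconnect/TLS lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            flagged[m.group(2)] = max(flagged.get(m.group(2), 0), len(window))
    return flagged

if __name__ == "__main__":
    for ip, n in sorted(flag_bruteforce(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {n} SASL failures within the window")
    print("detail decodes to:", decode_detail("UGFzc3dvcmQ6"))
```

The `UGFzc3dvcmQ6` value that follows every failure decodes to `Password:`, so it is the same prompt text on each line rather than anything identifying the account being tried.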